CVE-2026-20097
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the root user.
Cisco has assigned this vulnerability a SIR of High rather than Medium as the score indicates because additional security implications could occur when the attacker becomes root.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(2i) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(1d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4i) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(1c) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2c) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(1e) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2h) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4h) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(1h) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2l) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(1.240) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2f) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(1g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2i) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3i) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(1d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3c) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4k) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(2d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3a) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3j) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(1f) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(1c) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4f) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4c) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(2g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(2c) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(1d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(2e) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(1a) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(1b) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3b) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4b) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(2b) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4e) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3h) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4l) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(1g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2a) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2n) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(1h) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 3.1(3k) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2b) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2o) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4m) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3b) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2p) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2e) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2f) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(4n) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2q) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3c) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.0(2r) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2h) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3f) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2j) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2k) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3h) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(2a) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3i) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(2f) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(2g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3b) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3l) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3d) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(1.230097) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(1e) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(1b) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(1j) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(1i) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(1f) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(1a) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(1c) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(1g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(1.230124) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2l) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3e) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(1.230138) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3g) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.230207) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3h) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3i) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.230270) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3m) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(2m) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.240002) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(3.240022) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3j) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.1(3n) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.240009) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(3.240043) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.240142) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.240037) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.240053) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.240152) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3l) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.240077) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.242028) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.241063) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.242038) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3m) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.240090) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(5.240021) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.240107) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.242066) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3n) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(5.250001) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3o) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.250016) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.250021) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(5.250030) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.250022) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(6.250040) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(5.250033) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(6.250044) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(6.250053) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.250037) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.250045) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.252001) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.252002) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 6.0(1.250127) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.2(3p) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 6.0(1.250131) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(6.250101) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 6.0(1.250174) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(6.250117) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(5.250043) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(6.250039) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(5.250045) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(6.250060) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 6.0(1.250130) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(4.241014) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(2.250063) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 6.0(1.250192) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 4.3(6.260003) | affected |
| Cisco | Cisco Unified Computing System (Standalone) | 6.0(1.250194) | affected |
Weaknesses
- CWE-787: Out-of-bounds Write
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.